EXAMINER'S ANSWER



This is in response to the appeal brief filed 5/23/08 appealing from the Office action 
mailed 1/16/08. 

(1) Real Party in Interest

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial 
proceedings which will directly affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 
No amendment after final has been filed. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is 
correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

No evidence is relied upon by the examiner in the rejection of the claims under 
appeal. 

(9) Grounds of Rejection

The following ground(s) of rejection are applicable to the appealed claims: 



Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 21 - 30 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

Regarding claims 21 - 30, they comprise a computer program (e.g. dependent 
claim 30 explicitly recites that the system is software). Computer software per se fails
to fall within any one of the statutory categories of invention. Thus, claims 21 - 30 are 
rejected as being nonstatutory. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 7, 9, 17, and 27 are rejected under 35 U.S.C. 112, second paragraph,
as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

Claim 7 recites the limitation "said new ACEs" in line 3. There is insufficient 
antecedent basis for this limitation in the claim. For the purpose of examination, the 
examiner presumes the applicant to refer to "new ACEs". 

Claims 7, 9, 17, and 27 have been rejected for similar reasons as above, and all 
other depending claims have been rejected by virtue of dependency. 



Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-30 are rejected under 35 U.S.C. 102(e) as being anticipated by
Shaji et al. (Shaji), "Interfaces and Methods for Group Policy Management", U.S. 
Patent Publication 2004/0215650. 

Regarding claim 1, Shaji discloses: 

making a copy of the security descriptor (par. 18, 91);

adding a new access control entry (ACE) to the DACL in said copy, wherein said 
new ACE specifies denying the locally privileged group an access right to the securable 
object (par. 18, 19, 89); 

and overwriting the security descriptor in the operating system with said copy 
(par. 18). 

Regarding claim 2, Shaji discloses: determining the relative identifier (RID) of the 
securable object; and finding the security descriptor for the securable object based on 
said RID (par. 13, 64). 

Regarding claim 3, Shaji discloses: further comprising examining the DACL to 
discover whether said access right is already denied (par. 18). 

Regarding claim 4, Shaji discloses: wherein said new ACE is added as the first 
ACE in the DACL (fig. 14,15). 

Regarding claim 5, Shaji discloses: wherein the securable object is a group other
than the local administrators group (par. 4). 

Regarding claim 6, Shaji discloses: wherein said group is a domain administrator 
group (par. 4,5). 

Regarding claim 7, Shaji discloses: wherein said domain administrator group is a 
remotely hosted group, and the method further comprising adding said new ACEs to the
DACL in said copy to deny all local groups said access right to the securable object 
(par. 4,5,47). 

Regarding claims 8 and 9, Shaji discloses: wherein said access right includes a
right to change permissions of said group and wherein said access right also includes a
right to view permissions of said group (par. 10 - herein administrators may create
access rights that delegate the ability to modify security permissions).

Regarding claim 10, Shaji discloses: wherein a single software tool performs the 
method (par. 38). 

Regarding claims 11 - 30, they comprise essentially similar recitations, and they 
are rejected, at least, for the same reasons. 



Application/Control Number: 10/710,491 
Art Unit: 2136 



Page 8 



(10) Response to Argument 

Appellant's arguments within the appeal brief have been fully considered but they 
are not persuasive. 

Shaji anticipates claims 1-30: 

Appellant states that for example, the Actions states that "Shaji discloses: making 
a copy of the security descriptor (par. 18, 91)." However, [0018] and [0091] of Shaji do
not support the implicit assertion here. To the extent that any security descriptor is 
"copied" here in Shaji, this is not applicable to the relevant context. (Appeal Brief, pg. 
10, lines 17-27) 

First, it is noted that the appellant erroneously asserts that claim 1 recites that a 
"securable object" includes a "discretionary access control list". Specifically, appellant 
states, "The only one that is relevant here, however, is ... that this securable object be 
one that "includes a discretionary access control list (DACL)" (claim 1)." In contrast, 
however, the examiner points out that claim 1 recites that it is a "security descriptor" that 
includes a "discretionary access control list". Thus, the features upon which applicant 
relies (i.e., this securable object be one that "includes a discretionary access control list 
(DACL)") are not recited in the rejected claim(s). Although the claims are interpreted in 
light of the specification, limitations from the specification are not read into the claims. 
See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

Second, the examiner notes the appellant's argument respecting the preamble of
claim 1 (specifically, "The only one that is relevant here, however, is "a security 
descriptor for the securable object"). In response, the examiner notes that a 
consideration of the prior art reference clearly reveals that the "security descriptors", as 
cited within paragraphs 18 and 90 of Shaji, are "security descriptors" for "securable 
objects" (e.g. par. 91 explicitly states "To load, the group policy management console 
queries the directory service 202 and receives the security descriptor or descriptors 
associated with the specified object or objects"). Also, it is noted that an attempt to
consider the cited portions of Shaji in context shows that the security descriptors in 
question are used to manage the permissions and control the access rights for objects 
(e.g. also see par. 4-8, 10, 16). 

Third, it is noted, that the appellant appears to argue that the cited prior art 
security descriptors are not "copied". In response, the examiner points out that the prior 
art explicitly states that the security descriptors are "loaded" (i.e. copying data from 
storage memory into processing memory) (Shaji, par. 18, 91). After loading a security 
descriptor, the data may be processed (i.e. read, edited, used to enforce permissions, 
etc.) and then saved back into storage (Shaji, par. 16, 91). Thus, the examiner 
maintains that the prior art discloses making a copy of the security descriptor. 

Finally, the examiner notes that the appellant appears to argue that the prior art 
does not disclose a "discretionary access control list" or DACL. In response, the 
examiner respectfully points out that the prior art abundantly discloses that security 
descriptors comprise access control lists (ACLs) for permissions (e.g. see Shaji, par. 18, 
19, 74, 75, 79, 91, 93). The examiner respectfully notes the appellant's own disclosure,
wherein the appellant repeatedly admits that ACLs for permissions are also known as 
"DACLs" or "discretionary access control lists" (e.g. see appellant's specification, par. 
27, "Security Descriptor" table - "Permissions ACL"; "Header" table - "Offset to user 
DACL"; par. 31). Thus, at least for this reason, the examiner notes that Shaji discloses
a DACL. 

Furthermore, it is noted that Shaji even explicitly uses the term "Dacl" when
making reference to the ACL of the security descriptor. According to Shaji (par. 93), the 
pseudocode representing the creation of a permissions table is as follows: 

    For each securityDescriptor sd
        For each ACE in sd.Dacl
            For each PERMISSIONBIT perm in table.Columns
                if ace.ContainsPermission(perm) . . .

As seen above, the pseudocode of Shaji explicitly utilizes the term DACL when 
programmatically referencing the ACL attribute associated with the security descriptor 
"sd". Thus, the examiner maintains that the prior art discloses an ACL for permissions 
(or a "discretionary access control list"). 

Appellant states that with respect to a discretionary access control list (DACL),
examiner's counter arguments here is a semantic one. Essentially, the Examiner argues
that Shaji does teach access control lists (ACLs); that an ACL list can be changed;
therefore Shaji teaches DACL's. (Appeal Brief, pg. 10, line 28 - pg. 11, line 1)

In response, the examiner kindly points out that the appellant appears to grossly
mischaracterize the office action of 01/16/2008. Specifically, nowhere can it be seen 
within page 7 item iii (or any other portion of the office action) that the examiner set forth 
the following argument "that Shaji does teach access control lists (ACLs); that an ACL 
list can be changed; therefore Shaji teaches DACL's". Appellant also mentions that if 
the Examiner feels that an ACL is equivalent to a DACL in a manner that is relevant to 
claim 1, the Examiner should have at least articulated a reason for this for the record 
and provided Appellant a reasonable opportunity to reply. However, the Examiner 
simply has not done this and there similarly is nothing in the record explaining why the 
Examiner feels that Shaji teaches any of the DACL related/specific limitations recited in 
claim 1. (Appeal Brief, pg. 11, line 28 - pg. 11, line 1-18) 

Examiner respectfully points out that the Wikipedia.org commentary respecting 
an "access control list" (what the appellant characterizes as "well known") does not 
appear until nearly 2 and a half years after the appellant's filing for invention. For 
example, one may easily verify the revision history for the Wikipedia.org entry of 
"access control list" and see that the definition cited by the appellant only first appears 
during the editing of entry revision 12/20/2006 @ 11:21 a.m., as edited by 
"AntiVandalBot", to revision 1/03/2007 @ 10:21 a.m., as edited by "Ka-Ping Yee". The 
examiner also points out that at the time of appellant's filing, 7/15/04, the Wikipedia.org 
entry for "access control list" (revision 7/15/04 @ 7:43 p.m. as edited by "Heron") fails to 
comprise any recitation similar to what the appellant now asserts to be the "industry
standard" meaning for access control list. 

Furthermore, regarding the appellant's assertion that the examiner failed to 
articulate the rationale for considering the prior art ACL to be relevant to claim 1, it is
respectfully noted that this rationale was already part of the record as established by the
appellant themselves (e.g. see appellant's specification, par. 27, 30, 31). As articulated
by the appellant, a security descriptor comprises a "permissions" access control list - 
also known as a "discretionary access control list". As was noted by the examiner, the 
prior art discloses a permissions access control list, and therefore discloses a 
discretionary access control list. Thus, it is clear that Shaji teaches the claimed ACL. 

Appellant asserts that Shaji nowhere teaches denying anything that is relevant to 
this matter, especially not by using a new ACE, or denying something to a locally 
privileged group, and not to all of these also with the other limitations recited in claim 1. 
(Appeal Brief, pg. 11, lines 20 - 30)

First, the examiner notes that the appellant again argues that the prior art fails to 
teach a DACL. In response, the examiner respectfully points out that the prior art 
discloses an ACL for permissions, and therefore discloses a DACL (e.g. see Shaji, par. 
74). This argument is unpersuasive for the same reasons as shown above. 

Second, the examiner respectfully notes that the appellant, while admitting that 
the word ACE appears throughout the disclosure of Shaji - including paragraph 89, 
asserts that the prior art must fail to disclose an ACE because the word "ACE" does not
appear within paragraphs 19 and 19 of Shaji. In response, the examiner finds the 
appellant's argument to be unpersuasive because it amounts to mere allegation. The 
examiner points out that the cited portions of Shaji clearly show the adding of 
permissions to security descriptors, the permissions comprising ACEs (e.g. par. 18, 19, 
89). Furthermore, the examiner notes that it is a reasonable expectation for the 
appellant to consider the prior art reference in its entirety. Thus, any cited portions of 
the prior art should, of course, be read and understood within the context of the 
remaining portions of the reference. The prior art makes clear that the manipulation of 
security descriptors comprises adding new ACEs to the security descriptor (see for 
example, Shaji, par. 91, 104, 107; fig. 6:1610). 

Finally, the examiner notes the appellant's argument that the prior art fails to 
disclose denying "a locally privileged group". In response, the examiner respectfully 
notes that the prior art clearly discloses that the permissions, as set forth within the 
ACE's of a security descriptor, can be used for denying "locally privileged groups" the 
access rights for securable objects (see for example, Shaji, par. 3 - 5, 16 -19, 74, 79, 
89, 92). 

Continuing further with respect to claim 1, the Actions also state that [Shaji 
discloses] "overwriting the security descriptor in the operating system with said copy 
(par. 18)." However, in [0018] Shaji merely teaches loading and mapping to a security
descriptor. It teaches nothing here about overwriting a security descriptor, and 
especially not about doing so with a copy as prepared in accord with the limitations in
the preceding step in claim 1. (Appeal Brief, pg. 12, lines 4-8) 

In response, the examiner respectfully notes that Shaji clearly discloses 
"overwriting the security descriptor in the operating system with said copy". Shaji 
discloses loading a security descriptor (i.e. copying data from storage memory into 
processing memory), subsequently modifying the security descriptor (i.e. changing old 
data into new data - "overwriting"), and finally saving the modified security descriptor 
(i.e. writing the new data back into storage memory) (Shaji, par. 18, see also par. 91, 
104, 107). 

Regarding claim 2, it should be allowed for at least the same reasons as parent
claim 1. (Appeal Brief, pg. 12, lines 19-24) 

In response, the examiner respectfully points out that the prior art does disclose
determining an object's identity (i.e. a "relative identifier" of a securable object), and
using this identity to apply the appropriate security policy or security descriptor (see for
example Shaji par. 13, 16, 64). Applicant's arguments fail to comply with 37
CFR 1.111(b) because they amount to a general allegation that the claims define a
patentable invention without specifically pointing out how the language of the claims 
patentably distinguishes them from the references. 

Regarding claim 3, it should also be allowed for at least the same reasons as
parent claim 1. (Appeal Brief, pg. 13, lines 5-15) 

In response, the examiner notes that the prior art discloses examining a security 
descriptor (Shaji, par. 18, 19, 74, 89, 91, etc.). 

Furthermore, the examiner maintains that the claim clearly fails to recite 
""discovering" steps related to such". The intended use recitation "to discover" does not 
equate to a recitation of "discovering steps" as asserted by the appellant. In response 
to applicant's argument that the prior art fails to disclose "examining the DACL to 
discover whether said access right is already denied", a recitation of the intended use 
of the claimed invention must result in a structural difference between the claimed 
invention and the prior art in order to patentably distinguish the claimed invention from 
the prior art. If the prior art structure is capable of performing the intended use, then it 
meets the claim. 

Regarding claim 5, it should also be allowed for at least the same reasons as 
parent claim 1. (Appeal Brief, pg. 13, lines 17-23) 

In response, the examiner points out that the prior art shows that securable 
objects may be folders, computers, programs, domains, networks, etc. (e.g. Shaji, par. 
4). The examiner respectfully maintains that the appellant's arguments are 
unpersuasive, as they amount to mere allegation. Such an argument fails to present a
logical reason as to how the appellant's statement, "[a]s is well known in the art, groups
categorize securable objects (e.g., membership in a group, or the absence thereof,
defines the access rights to a securable object)" amounts to any reasonable traversal of
the rejection of claim 5. Applicant's arguments fail to comply with 37 CFR 1.111(b)
because they amount to a general allegation that the claims define a patentable 
invention without specifically pointing out how the language of the claims patentably 
distinguishes them from the references. 

Regarding claim 7. (Appeal Brief, pg. 13, line 25 - pg. 13, line 9)

In response, the examiner respectfully notes that the appellant's argument is 
again essentially that the prior art does not disclose a DACL. The examiner finds this
argument unpersuasive for the same reasons as noted above.

Claims 21-30 are subjected to 35 USC 101 

Appellant argues that claims 21 - 30 are statutory and states "the Examiner has 
never argued that Appellant's claimed subject matter lacks practical utility". (Appeal
Brief, pg. 14, line 11 - pg. 15, line 18) 

In response, the examiner respectfully notes that the issue at hand is not whether 
the examiner argued that the claims lacked practical utility. The rejection was made 
under 35 USC § 101 for being directed to non-statutory subject matter. Regarding
claims 21 - 30, they recite a system comprising a computer program (e.g. dependent
claim 30 explicitly recites that the system is software). Computer software per se fails
to fall within any one of the statutory categories of invention. Thus, claims 21 - 30 are 
appropriately rejected as being nonstatutory. 

For 35 USC 112, 2nd paragraph

Accordingly, "said new ACEs" as recited in claim 7 has antecedent basis, is 
grammatically correct, and is recited in the manner best understandable to one of 
ordinary skill in the art. (Appeal Brief, pg. 15, line 27 - pg. 16, line 3) 

In response, the examiner respectfully notes that regardless of what the 
appellant considers to be "overwhelmingly the case in actual operating systems today", 
the fact remains that the appellant's claim 1 provides antecedent basis only for the 
adding of a single ACE. Thus, claim 7's recitation of "said new ACEs" lacks antecedent 
basis. Furthermore, the examiner kindly notes that the features argued by the
appellant, "there then will be a said new ACE for each local group, and that a plurality of 
such will then be added to the DACL", are not recited within the claims. 

(11) Related Proceeding(s) Appendix

No decision rendered by a court or the Board is identified by the examiner in the 
Related Appeals and Interferences section of this examiner's answer. 



For the above reasons, it is believed that the rejections should be sustained. 

Respectfully submitted, 
Jeffery Williams 
/Jeffery Williams/ 
Examiner, Art Unit 2137 

Conferees: 
/KimYen Vu/ 

Supervisory Patent Examiner, Art Unit 2135 

/Nasser G Moazzami/ 

Supervisory Patent Examiner, Art Unit 2136 



